Natural gas infrastructure isn’t just vulnerable to wayward shovels and poorly planned construction projects and that is what Ohio Homeland Security’s Critical Infrastructure program is here for. In this article, we will go through some examples of the threats posed to natural gas infrastructure by criminal and terroristic threat actors- both groups seeking to deliberately and unlawfully damage our nation’s natural gas infrastructure for their own purposes.
Starting with a picture of our physical security threats, we have a mix of theft, vandalism, tampering, and sabotage incidents. With natural gas being a subsector of the energy sector- which is one of our nation’s lifeline sectors of critical infrastructure- natural gas systems are an attractive target for malicious actors willing to commit criminal acts and/or violence to achieve their financial, political, or ideological goals. Natural gas assets in rural Ohio are especially vulnerable due to their remote nature, lack of security, single points of failure, and longer response times from local law enforcement in the event of a targeted attack.
Energy infrastructure is a target for domestic violent extremist (DVE) groups that are motivated by a wide range of ideologies, although physical attacks against the natural gas subsector are mainly perpetrated by environmental rights extremists. See some examples of these issues below:
- January of 2022, an individual, in an attempt to fight capitalism and climate change, tried to detonate an explosive device to destroy a section of the Permian Highway Pipeline in Hays County, Texas. The attempt was unsuccessful due to a “design flaw” in the device. Shortly after the attempt, the bomber turned himself in to authorities. 1
- In December 2020, representatives of “Earth First”, a self-described “radical environmental movement”, vandalized a natural gas line in Colorado, leaving 3,500 people without heat or hot water. 2
- In 2021, the novel, How to Blow Up a Pipeline, was published. This book embraced the belief that sabotage and destruction of fossil fuel infrastructure was necessary once peaceful climate activism failed to produce results. In 2023, a movie adaptation was released, which told a fictional story of a group of individuals who sabotaged a U.S. federal oil pipeline in the name of climate activism. 3
As for an overview of the cybersecurity threats posed to natural gas, we see a mix of ransomware, Distributed Denial of Service (DDoS), botnet, and more. Cyber threat actors (aka, ‘hackers’) have varying motives that range from financial gain to deeper levels of sabotage and espionage. Cyber-attacks against energy and natural gas infrastructure happen every day at a rate much higher than physical incidents, using constantly evolving tactics and techniques. These attacks are projected to continue occurring regularly. As for some examples:
- Volt Typhoon, a People’s Republic of China (PRC) state-sponsored cyber threat group, is increasingly targeting critical infrastructure. Between August and September of 2023, Volt Typhoon attempted at least 14 times to connect to various IP addresses of a U.S. electric and natural gas provider. 4
- In 2021, the Colonial Pipeline Company USBUS proactively shut down its pipeline system in response to a ransomware attack from PRC cyber actors targeting its IT networks and industrial control systems. This incident caused significant operational disruptions for approximately a week and induced panic among the population. 5
The People’s Republic of China also poses a unique risk to the U.S. and its critical infrastructure. China is seeking to become a global hegemon, developing ways to strengthen their position through social engineering and subterfuge. In the event of a major conflict, civilian infrastructure is a key target for Chinese forces, natural gas being one of their prime targets. Below are some comments from federal agency leadership on this issue:
- FBI Director Christopher Wray appeared before the House Select Committee on the Chinese Communist Party and discussed the PRC threat, “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,”. 6
- Jen Easterly, CISA Director, told an audience at the Aspen Institute in Washington, “In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure, to include pipelines and rail lines to delay military deployment and to induce societal panic”. 7